Question

1. Which property of secure hash functions—one-way, weak collision-resitance, or strong collision-resistance—make them useful in the context of password security?
2. What is a password dictionary? Can it be used to improve password security?
3. What is the motivation for limiting the password age? In particular, why would you enforce a maximum age? Why would you want to set a minimum age?

Answer 1

Solution for the problem is provided below, please comment if any doubts:

I) Answer: Weak collision resistance

Explanation:

• The processing of password is requires the weak collision resistance as necessary feature for password security.
• The password is stored in the form of its hash function result in the password storage, not as the original password itself. So while we enter the password in some other time to login using the password again compute the secure hash function and check for the equality.
• The weak collision resistance is one in which for a given “s”, it is possible to find “t” such that Hash(s)=Hash(t).
• The strong collision check for two arbitrary values, so it not requires much for password security.
• All the secure hash function should be one way, it doesn’t have much impact with password security.

II) Password dictionary

• It is a database stores the password that guessed by password hacking tools on various servers.

It can be used to improve the security, since:

• The password that can be guessed by hacking tools can be avoided by using the password dictionary.
• While we set the password, if the password in the password dictionary came, them alert the user to choose another password for better security.

III)

Limiting the password age, because:

• The same password used over a long time is surely a risk, a compromised password system. Or long attempting password break can be happen, to avoid this a limiting password age is used.

The maximum age: The maximum age should be set for passwords to avoid the possible password hack. A long live password means the attacker will get that much time to hack the password. The attacker should not get much time, so the password should be set with a maximum age.

The minimum age: It is to avoid the usage of previously used password by the user after a mandatory password change. The users normally likes to stay with their one password without much worry about the security. But this should be avoid, so one password should not changed instantly after it set.